<?
   session_start();

//------------------------------------------------------------------------------

/*
   nobody's password: sld8123nsdk2734;210!2d.
*/


function unset_cookie()
{
   $cook_uid = 'xdjkdswc';
   $cook_pwd = 'ihsdbicn';

   setcookie($cook_uid, '2', time()+(1));
   setcookie($cook_pwd, '3', time()+(1));

   unset($_COOKIE[$cook_uid], $_COOKIE[$cook_pwd]);
}

//------------------------------------------------------------------------------

function set_cookie($uid, $pwd)
{
   unset_cookie();

   $cook_uid = 'xdjkdswc';
   $cook_pwd = 'ihsdbicn';

   $uid = $uid + 17621345;
   $pwd = "h39a".$pwd."h726a21519h93d751b091ha1463";

   setcookie($cook_uid, $uid, time()+(3600*24*90));
   setcookie($cook_pwd, $pwd, time()+(3600*24*90));
}

//------------------------------------------------------------------------------


function get_cookie()
{
   //----------------------- OMG supahackzorzdefence ololo ---------------------

   $cook_uid = 'xdjkdswc';
   $cook_pwd = 'ihsdbicn';

   $uid = ( isset($_COOKIE[$cook_uid]) ) ? ( $_COOKIE[$cook_uid] - 17621345 ) : 0; // uid = user_id + 17621345
   $pwd = ( isset($_COOKIE[$cook_pwd]) ) ? substr($_COOKIE[$cook_pwd], 4, 32) : 0; // md5-pass in cookie with offset: 4

   //---------------------------------------------------------------------------

   return array($uid, $pwd);
}

//------------------------------------------------------------------------------


function start_session($uid, $pwd)
{
   $sess_uid = 'aksjdd';
   $sess_pwd = 'lfjshda';

   $uid = $uid + 3262345;
   $pwd = "h2f28c1a".$pwd."837h3629f7ch93d751b091ha1463";
   
   if(! isset($_SESSION[$sess_uid]) ) $_SESSION[$sess_uid] = '';
   if(! isset($_SESSION[$sess_pwd]) ) $_SESSION[$sess_pwd] = '';


   $_SESSION[$sess_uid] = $uid;
   $_SESSION[$sess_pwd] = $pwd;    
}

//------------------------------------------------------------------------------

function get_session()
{
   if(!is_array($_SESSION)) session_start();

   $sess_uid = 'aksjdd';
   $sess_pwd = 'lfjshda';
   
   $uid = ( isset($_SESSION[$sess_uid]) ) ? ($_SESSION[$sess_uid] - 3262345) : 0;
   
   $pwd = ( isset($_SESSION[$sess_pwd]) ) ? substr($_SESSION[$sess_pwd], 8, 32) : 0;
   
   if($uid>0 && strlen($pwd)==32) return array($uid, $pwd);
   
   else return '';
}

//------------------------------------------------------------------------------

function stop_session()
{
   $sess_uid = 'aksjdd';
   $sess_pwd = 'lfjshda';

   $_SESSION[$sess_uid] = '';
   $_SESSION[$sess_pwd] = '';

   unset($_SESSION[$sess_uid]);
   unset($_SESSION[$sess_pwd]);
}


//------------------------------------------------------------------------------


function login($login, $uid=0, $pass, $rem=false)
{
   $db = mysql_init();
   
   $q = 'select `users`.*, `levels`.`num` as `level` from `users`
                      inner join `levels` on `levels`.`id`=`users`.`level_id`
                      where (`login`=? or `users`.`id`=?d) and `pass`=?';
   
   $user = $db->selectRow($q, $login, $uid, $pass);

   if(is_array($user) && isset($user['id']) && ( $uid>0 && $user['id'] == $uid ) || ( isset($login, $user['login']) && strlen($login)>3 && strstr($login, $user['login']) ) )
   {
      if($user['ban']==1) return 'banned';
   
      $user['rights'] = get_user_rights($user['id']);
      
      $user['level'] = is_admin($user) ? 99 : $user['level']; // godmode on!
      
      if($rem) set_cookie($user['id'], $user['pass']);
      
      start_session($user['id'], $user['pass']);

      return $user;
   }
   elseif(strlen($login)>0 || strlen($pass)>0) return 'wrong';
   else return 'guest';
}

//------------------------------------------------------------------------------


function logout()
{
   unset_cookie();
   
   stop_session();
   
   header('location:'._basedomain);

   return '';
}

//------------------------------------------------------------------------------

function check_trusted_ip()
{
   $ip = getenv('REMOTE_ADDR');
   
   $trusted_ips = explode(' ', _trusted_ips);
   
   $c = count($trusted_ips);
	
   for($i=0; $i<$c; $i++)
   {
      if( preg_match('/^'.$trusted_ips[$i].'/', $ip) ) return true;
   }
   
   return false;
}



function hello()
{
   if(isset($_GET['logme'])) return logout();

   $u = get_session();
   
   if(!is_array($u)) $u = get_cookie();
   
   $user = '';
   
   if( $u[0] > 0 ) $user = login('', $u[0], $u[1]);
   
   if( isset($_POST['l']) )   // someone wants to login
   {
      $lgn = strtolower($_POST['l']);
      $lgn = preg_replace('/[^a-z0-9\.\-\_\@]/i', '', $lgn);

      if( strlen($lgn)<_login_length || strlen($_POST['p'])<_password_length ) header('Location:'._basedomain);
      
      $pwd = md5($_POST['p']);

      $rem = (isset($_POST['r']) && $_POST['r']=='on'); // remember me
      
      $user = login($lgn, 0, $pwd, $rem);

      if(is_array($user) && isset($user['id'])) return $user;
      else header('Location: '._basedomain.'/?wrongpass');
   }
   elseif(is_array($user) && isset($user['id']) && !($user['login']==_anonymous_login && !check_trusted_ip()) ) return $user; // someone is already authorized
   elseif(_login_anonymous && check_trusted_ip() )	return login(_anonymous_login, 0, _anonymous_passw, false); // someone is just a new anonymous
   else header('Location: '._basedomain.'/login.html');
}

//------------------------------------------------------------------------------
//
//------------------------------------------------------------------------------


function user_pad($user)
{

   if(is_array($user) && isset($user['id']) && $user['id'] != _anonymous_id)
   {
      $upad = get_template('user-pad-logged.html');
      
      $kwords = array('_ULOGIN_', '_UNAME_');
      $rwords = array($user['login'], $user['name']);

      $upad = str_replace($kwords, $rwords, $upad);
      
      return $upad;
   }
   elseif(is_array($user) && isset($user['id']) && $user['id'] == _anonymous_id )
   {
      $upad = get_template('user-pad-anonymous.html');
      
      $upad = str_replace('_SHOWFORM_', (int)isset($_GET['wrongpass']), $upad);

      return $upad;
   }
   else
   {
      $upad = get_template('user-pad-form.html');
      
      $upad = str_replace('_SHOWFORM_', (int)isset($_GET['wrongpass']), $upad);

      return $upad;
   }

}




























?>
